What is Postfix?
Postfix is a popular open-source mail transfer agent (MTA) used to route and deliver emails on Unix-like operating systems, including Linux. It is a fast, secure, and easy-to-configure alternative to Sendmail, commonly used by mail servers.
What is Mastodon?
Mastodon is a free, open-source, decentralized social network that operates as part of the Fediverse (a network of interconnected but independent social platforms). Unlike centralized platforms like Twitter, Mastodon allows users to join or host their own servers (instances) while still interacting with users on other instances.
Key Features of Postfix:
- Security Focused: Designed to minimize risks and vulnerabilities.
- Performance Optimized: Efficiently handles a high volume of emails.
- Easy Configuration: Uses simple configuration files (/etc/postfix/main.cf and /etc/postfix/master.cf).
- Spam & Abuse Control: Includes built-in anti-spam and anti-relay protections.
- Flexible: Supports integration with other email tools like Dovecot, SpamAssassin, and DKIM.
Common Use Cases:
- Mail Servers: Used for handling email sending and receiving.
- Relay Host: Can act as a relay server to forward emails.
- SMTP Gateway: Works as an SMTP relay for outgoing emails.
Relationship of Postfix and Mastodon
Mastodon and Postfix interoperate because Mastodon, as a federated social network, needs an email server to send emails for user registrations, notifications, and password resets. Postfix serves as the Mail Transfer Agent (MTA) that Mastodon uses to send these emails.
How Mastodon Uses Postfix:
When you configure Postfix MTA for use with Mastodon, you can expect the following workflow:
- Mastodon Generates Emails:
  - When a user registers, requests a password reset, or receives a notification, Mastodon generates an email.
- Postfix Handles Email Sending:
  - Mastodon forwards the email to Postfix, which then relays it to the recipient’s mail server (e.g., Gmail, Outlook).
  - Postfix can either send emails directly or relay them through an SMTP provider like Gmail, Mailgun, or SendGrid.
Prerequisites
Before we discuss how to configure Postfix MTA for use with Mastodon, ensure that you have:
- A server running Mastodon (e.g., Ubuntu 22.04, Debian 11)
- A valid domain name (e.g., example.com)
- An SMTP relay service (optional but recommended, e.g., SendGrid, Mailgun, Self-Hosted)
- Proper DNS records configured (SPF, DKIM, and DMARC) – See Guide: Getting Started with DNS Manager
How to Configure Postfix MTA for Use with Mastodon Server
To configure Postfix for use with Mastodon server, follow the steps provided:
- Install Postfix
Install Postfix using the package manager:
sudo apt update && sudo apt install postfix
During installation, select ‘Internet Site’ and set your fully qualified domain name (FQDN), e.g., mail.example.com.
- Configure Postfix
Edit the main Postfix configuration file:
sudo nano /etc/postfix/main.cf
Modify or add the following parameters:
# Basic settings
myhostname = mail.example.com
myorigin = example.com
inet_interfaces = all
inet_protocols = ipv4
relayhost = [smtp-relay.example.com]:587
# Security settings
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_use_tls=yes
# "may" is opportunistic TLS; "encrypt" makes TLS mandatory before the SASL login to the relay
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Queue and delivery optimizations
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 4h
smtp_connection_cache_on_demand = no
smtp_connection_cache_time_limit = 2s
- Set Up SMTP Authentication (If Using a Relay)
Create the authentication file:
sudo nano /etc/postfix/sasl_passwd
Add your SMTP relay credentials:
[smtp-relay.example.com]:587 username:password
Secure and process the file:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
- Configure DNS Records
Ensure your domain has the following records:
SPF Record (TXT Record):
v=spf1 include:_spf.example.com ~all
DKIM Record (Generated via your SMTP provider)
DMARC Record (TXT Record):
v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com;
- Restart and Test Postfix
Restart Postfix to apply changes:
sudo systemctl restart postfix
sudo systemctl enable postfix
Send a test email:
echo "Test Email from Mastodon" | mail -s "Test" your-email@example.com
Check logs for issues:
sudo tail -f /var/log/mail.log
- Install PostfixAdmin (Optional)
PostfixAdmin is a web-based interface for managing Postfix virtual domains and users. To install PostfixAdmin, follow the steps below:
  - Install Dependencies
sudo apt install php php-fpm php-mbstring php-intl php-xml php-mysql mariadb-server unzip
  - Create Database for PostfixAdmin
sudo mysql -u root -p
Inside MySQL:
CREATE DATABASE postfixadmin;
CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'strongpassword';
GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost';
FLUSH PRIVILEGES;
EXIT;
  - Download and Configure PostfixAdmin
cd /var/www/html
sudo wget https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-3.3.10.tar.gz
sudo tar -xvzf postfixadmin-3.3.10.tar.gz
sudo mv postfixadmin-postfixadmin-3.3.10 postfixadmin
cd postfixadmin
# config.inc.php ships with the defaults; local settings go in a new config.local.php, which must start with <?php
sudo nano config.local.php
Modify database settings:
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'strongpassword';
$CONF['database_name'] = 'postfixadmin';
Save and exit.
  - Set File Permissions
sudo chown -R www-data:www-data /var/www/html/postfixadmin
sudo chmod -R 755 /var/www/html/postfixadmin
  - Configure Apache
sudo nano /etc/apache2/sites-available/postfixadmin.conf
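Add:
# Port 80 is plain HTTP, so the PostfixAdmin login crosses the network unencrypted; put this behind a TLS virtual host before exposing it
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/postfixadmin/public
    ServerName mail.example.com
    <Directory /var/www/html/postfixadmin/public>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>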
Enable and restart Apache:
sudo a2ensite postfixadmin.conf
sudo systemctl restart apache2
- Configure Mastodon to Use Postfix
Edit the .env.production file in your Mastodon directory:
SMTP_SERVER=127.0.0.1
SMTP_PORT=25
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS='noreply@example.com'
Restart Mastodon:
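# Restart the Mastodon services so they load the new SMTP settings (unit names from the standard source install)
sudo systemctl restart mastodon-web mastodon-sidekiq mastodon-streaming
- Harden Security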
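  - Restrict Relay Access:
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
  - Limit Failed Login Attempts (these restrictions reject clients without a valid reverse-DNS hostname or listed on the Spamhaus blocklist):
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
  - Enable DANE (optional):
# DANE only takes effect with DNSSEC-validated lookups
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane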
- Monitor and Maintain
Regularly monitor logs:
sudo journalctl -u postfix -n 50 --no-pager
Use postqueue -p to check the mail queue.
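The relay settings from the Configure Postfix step and the restrictions from the Harden Security step can be checked mechanically. The script below is an added example, not part of the original guide: `audit_postfix`, `secret_is_private`, `sample_config` and the finding labels are names made up here, and the sample input is constructed from this guide's own settings in the "name = value" format that `postconf -n` prints.

```shell
#!/bin/sh
# audit_postfix: reads `postconf -n` style "name = value" lines on stdin and
# prints one line per finding. Names and finding labels are illustrative.
audit_postfix() {
    awk '
    {
        eq = index($0, " =")
        if (eq == 0) next
        val = substr($0, eq + 2); sub(/^[ \t]+/, "", val)
        v[substr($0, 1, eq - 1)] = val
    }
    END {
        lvl = v["smtp_tls_security_level"]
        opts = ("smtp_sasl_security_options" in v) ? v["smtp_sasl_security_options"] : "noplaintext, noanonymous"
        # SASL over opportunistic TLS: if STARTTLS is stripped in transit, the
        # relay password goes out in cleartext when plaintext mechanisms are allowed.
        if (v["relayhost"] != "" && v["smtp_sasl_auth_enable"] == "yes" &&
            lvl !~ /^(encrypt|dane-only|fingerprint|verify|secure)$/ && opts !~ /noplaintext/)
            print "WARN relay-auth-cleartext smtp_tls_security_level=" lvl
        # An explicit relay policy must still reject or defer foreign destinations.
        r = v["smtpd_relay_restrictions"]
        if (r != "" && r !~ /(reject|defer)_unauth_destination/)
            print "WARN open-relay smtpd_relay_restrictions=" r
        # Mastodon submits on 127.0.0.1; a public listener is only needed to receive mail.
        if (v["inet_interfaces"] == "all")
            print "NOTE public-listener inet_interfaces=all"
    }'
}

# secret_is_private: succeeds only if the file exists and grants nothing to group/other.
secret_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed input: this guide's settings as `postconf -n` would print them.
sample_config() {
    cat <<'EOF'
inet_interfaces = all
relayhost = [smtp-relay.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
EOF
}

sample_config | audit_postfix
```

On a live server, run `postconf -n | audit_postfix` and `secret_is_private /etc/postfix/sasl_passwd`; `postmap` also writes `/etc/postfix/sasl_passwd.db`, which holds the same credentials and deserves the same check.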
Conclusion
You now know how to configure Postfix MTA for use with Mastodon.
By following these best practices, you ensure a secure, reliable, and optimized email setup for your Mastodon server. Postfix will efficiently handle email notifications, password resets, and other mail-related tasks, enhancing the user experience.